HR databases – a gold mine for data thieves

It is believed that approximately one-third (30%) of a person’s life is spent working. While many career and financial goals are achieved during this time, many significant and personal milestones are also crossed as an ‘employee’. The first job, the first house, wedding, children, health, retirement and sometimes even bereavement!

This shows just how much personal information is held by HR departments, not just during an individual’s duration of employment but even after they have left the organisation.

Apart from basic information like name, email, date of birth, residential address, etc., HR departments hold complete dossiers on their employees. Salary, benefits, conditions of employment, sickness, absenteeism, pregnancy, adoption, gender associations, disciplinary and grievance issues, pension, retirement benefits, IRS data, criminal convictions… the list goes on.

Hacking into such a database could be a dream-come-true for data thieves.

Indeed, not all information is held all the time. New regulations guide HR managers in managing this data effectively and responsibly. These guidelines are only getting better and more stringent.

That said, employers and specifically HR managers cannot ignore the weight of the responsibility they carry, nor can they ignore the risk posed by data breaches. Seemingly secure organisations such as the United States Office of Personnel Management (OPM) also fell prey to hackers who targeted approximately 22.1 million personnel records of government employees.

The risks and responsibilities have only intensified post-Covid. With remote recruitment becoming the order of the day, recruitment documents like CVs and application forms, and new starter documentation such as Form I-9, photographs, passport copies and employment authorisation cards, are being freely exchanged over insecure platforms like email, chat applications and image sharing portals. Other highly confidential and sensitive information generated throughout the employee lifecycle, such as sickness data, family matters, disciplinary and grievance issues, and pension details, is also exchanged in the same insecure manner.

According to ‘Latest Hacking News’, an ethical hacking portal, employees whose data gets stolen due to employer negligence could be eligible to sue the employer. Data Breach Notification Laws for each state stipulate in great detail the steps to be taken in case of a breach. It is anyone’s guess that the costs involved, the loss of reputation and the administrative burden are a rabbit hole that is difficult to come out of. And certainly, one to avoid!

A proactive and systematic approach towards avoiding this risk, rather than taking corrective knee-jerk reactions after the damage has been done, is clearly a better option.

DropSecure is one such platform that uses military-grade, multidimensional and dynamic encryption methods to safeguard data.

DropSecure uses randomly generated 256-bit AES symmetric keys for securing data transfer. This ensures that data shared between you and your employee/colleague via DropSecure leaves devices fully encrypted and secured. A two-factor identification process is then used before a decryption key/OTP is issued to the intended recipient, and only then can the data be accessed. The File Vault Protection option can further safeguard any data saved by users on DropSecure servers by using ‘public key cryptography’.

Such features make DropSecure particularly suitable for exchanging new starter information with zero risk.

What makes DropSecure different and better than other encryption platforms is that it requires no software installations and needs no passwords. What’s more, managers can set expiration dates, control and revoke access on files and folders, thereby ensuring that data is held only by the rightful owners and disposed of when the need is fulfilled. A remarkable feature when dealing with HR case work.

Zero Knowledge transfer further ensures that DropSecure themselves have absolutely no access to client information.

So really, no data is ever lost; and certainly, never found in the wrong hands.

With simple pricing solutions and FINRA, SEC and HIPAA compliance, DropSecure provides stress-free solutions for effectively safeguarding data while ensuring legal compliance.

DropSecure’s mission is to simplify your communication and sharing needs without knowing the contents of your data. To that extent, you can rest assured that your data is in your control.

Get secure with DropSecure cyber security’s 7-day free trial today.
